
[SOLVED] Trojan-Spy.Win32.Agent.bloy possible false positive

I'm using the latest ZAISS version with the latest updates. I usually do a complete scan of my hard drive several times per year, maybe 8 on average. I use the deepest settings I can (currently Super Scan mode and, in Scan Options, Riskware, ADS and heuristics enabled, the other 3 checkboxes disabled) and leave the computer unattended.

The Trojan-Spy.Win32.Agent.bloy has been found in a Win98 driver (driver_usb20_nvidia_9xme_v2.1.3.exe) of a motherboard (Gigabyte GA-7N400-L) that I used from Jan 2004 to Jul 2007. The rig with that mobo worked fine and no virus was ever found there (with McAfee). I sold that computer in 2007 and built my now secondary one (Athlon X2 5000+) that runs XP and ZAISS. In Sep 2009 I built my now main computer (Phenom II X4 955) that runs Vista and XP, ZAISS on both. No viruses have ever been found on any of the computers involved, although the file has been stored on every one of them for years and has passed many antivirus scans.

Every computer had or has one partition meant to store drivers, installers, documents etc. that I back up quite frequently to rewritable DVDs, and I have these files in these partitions. Since Sep 2009 I've been maintaining and updating the one on my main computer, which I use daily, but the one on my secondary rig is mostly stuck with what it had back then. I turn it on for about a 2-hour session per week.

However, the virus has been detected in all three copies of the file: on my main computer, on the backup DVD and on the secondary computer.

The file in question is a compressed archive with many files inside as usual with drivers. I've managed to uncompress it to a folder of my secondary computer and the virus has been detected in \usb20_9x\9x_me\driver\Setup.exe .

The file isn't very important, but doesn't this sound like a false positive? Any way to double-check?

Re: Trojan-Spy.Win32.Agent.bloy possible false positive

Thanks. VirusTotal reported that the file had been submitted there in the past. In the last report generated before "mine", 1 from 34 or 39 engines reported something different from "-", but I cannot remember the details, and now the last report is the one generated upon my request afterwards (I was concentrating on guessing whether I'm supposed to do anything about the MD5 displayed, but I don't have any app to generate it and I didn't find any that looked trustworthy enough; I downloaded one anyway, but ZAISS's regular scan of downloaded files didn't report that the app was safe and the deeper scan advised deleting it, which I did).

In the report generated "by me", 1 (Ikarus) from 41 engines reports it as "Trojan-Spy.Win32.Agent"; the other 40 report "-". Most engines, discordant one included, are updated at 2010-11-20 (today), a few at 2010-11-19, one at 2010-11-18 and one at 2010-11-09.
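One way to get the MD5 (and stronger hashes) of a local file without a third-party tool, so it can be matched against the hash shown in a VirusTotal report, and to confirm that copies kept in several places (disk, backup DVD, second machine) are byte-identical. This is an added example, not code from the thread; the function names, the constructed sample contents and the "main/dvd/secondary" file names are assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

ALGORITHMS = ("md5", "sha1", "sha256")
CHUNK = 1024 * 1024  # read in 1 MiB pieces so large driver archives fit in memory


def file_digests(path, algorithms=ALGORITHMS):
    """Hash one file with several algorithms in a single pass; returns {name: hex}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report(path, reported_md5):
    """True if the local file is the same sample the online report describes."""
    return file_digests(path, ("md5",))["md5"] == reported_md5.strip().lower()


def compare_copies(paths, algorithm="sha256"):
    """Return (all_identical, {path: digest}) for copies of one file."""
    digests = {str(p): file_digests(p, (algorithm,))[algorithm] for p in paths}
    return len(set(digests.values())) == 1, digests


def make_sample_copies(directory=None):
    """Constructed stand-in for three copies: two identical, one with a trailing byte."""
    directory = Path(directory or tempfile.mkdtemp(prefix="copies_"))
    good = b"abc"  # constructed content; its MD5 is 900150983cd24fb0d6963f7d28e17f72
    paths = []
    for name, data in (("main.bin", good), ("dvd.bin", good), ("secondary.bin", good + b"x")):
        p = directory / name
        p.write_bytes(data)
        paths.append(p)
    return paths


if __name__ == "__main__":
    copies = make_sample_copies()
    identical, per_file = compare_copies(copies)
    for path, digest in per_file.items():
        print(f"{digest}  {path}")
    print("all copies identical:", identical)
```

If the MD5 matches the report, the verdict applies to exactly the file you have; if the copies differ, hash each one separately before deciding anything.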

Re: Trojan-Spy.Win32.Agent.bloy possible false positive

Originally Posted by factor

In the report generated "by me", 1 (Ikarus) from 41 engines reports it as "Trojan-Spy.Win32.Agent", the other 40 report "-". Most engines, discordant one included, are updated at 2010-11-20 (today), some few at 2010-11-19, one at 2010-11-18 and one at 2010-11-09.

Is this enough to send it to Kaspersky as a false positive?

If this is the case, ZA should also not detect it, since it uses Kaspersky. Unless you refer to the ZA heuristics, which do not name threats as you describe in the title. So your ZA is not updating correctly or you are using an old version 8.

So I won't report a false positive unless I'm advised to do so. I am now more interested in this point (reporting a false positive or not) than in the file itself (I've managed to get an equivalent one from Gigabyte's website in case I decide to keep such old stuff, but I'm starting to think that it's pointless and that my backups need some cleaning).